Comments on Putting Vulnerabilities in Perspective
TypePad, 2009-02-11T18:11:19Z
Robert A., http://www.cgisecurity.com/

Dave Ferguson commented on 'Putting Vulnerabilities in Perspective' (2009-02-16T18:04:00Z)

My post about Netflix was simply meant to provide interesting information. The statement "it was purposefully not done for business reasons", should make it clear that I did indeed consider their business goals. Obviously, there is a reason it hasn't been fixed, but I disagree with your assumption that significant developer resources are needed. The Netflix team already implemented CSRF protection for the other actions, and that same mechanism could be deployed for adding movies.